All Versions
16
Latest Version
Avg Release Cycle
45 days
Latest Release
1240 days ago

Changelog History
Page 1

  • v1.2.16 Changes

    November 30, 2020

    ๐Ÿš€ Release of Cacti 1.2.16

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    One more thing

    ๐Ÿ†“ In other news, TheWitness, one of our longest members, wrote a few words so feel free to read and comment if you have a few moments of your time:

    https://forums.cacti.net/viewtopic.php?f=4&t=61413

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐ŸŒฒ Cacti Change Log

    • issue #3704: When generating a report, the Cascade to Branches function does not as expected
    • issue #3859: When viewing graphs, automatic refresh so not always work as expected
    • issue #3898: Realtime graph pop up counter bug
    • issue #3903: Undefined variable errors may occur when creating a new datasource
    • issue #3907: The cli-based installer does not exit with a non-zero exit code when error occurs
    • issue #3912: When an export is complete, sometimes the progress bar remains
    • issue #3915: When enabling many devices, a threshold can be reached causing a slowdown in the process
    • issue #3916: When performing actions against Devices, replicated device information could sometimes be lost
    • issue #3917: When using API to rename a tree node, backtrace may be incorrectly shown
    • issue #3919: When searching, valid pages can sometimes be shown as empty by ddb4github
    • issue #3920: When exporting data from graphs, not all data was properly included
    • โšก๏ธ issue #3924: Graph Templates filter is not updated after new graph created by ddb4github
    • issue #3926: Username and password on the login page is not visible in Classic theme
    • issue #3929: Improve wording of concurrent process and thread settings
    • ๐Ÿšš issue #3930: Location filter should remove blank entries by ddb4github
    • ๐Ÿ”€ issue #3931: When syncing data collectors, a reindex event may be triggered unnecessarily
    • issue #3932: Automation Networks allows discovery of invalid IP addresses
    • issue #3933: When changing permissions of the current user, they don't take effect immediately
    • issue #3935: When reindexing a device, an incorrect page was sometimes displayed
    • issue #3942: When repairing database, audit_database.php does not add missing columns
    • ๐Ÿšฆ issue #3948: Spine 1.2.15 - Spine Encountered An Unhandled Exception Signal Number: '6' [11, Resource temporarily unavailable] (Spine thread)
    • ๐ŸŒฒ issue #3949: Log page should not be empty if no log info exists
    • โฌ†๏ธ issue #3953: During upgrade, there are times when realms can be duplicated leading to SQL errors
    • issue #3957: When using ping.php, UDP response times are not interpreted properly by hypnotoad
    • โš  issue #3960: Improve warning you get when attempting to view a log file you don't have access to
    • issue #3962: When replicating files, scripts are not marked as executable
    • ๐Ÿ”Œ issue #3963: When creating plugin tables, collation is not set properly
    • ๐Ÿ”‹ feature: Update c3.js to version 0.7.20
    • ๐Ÿ”‹ feature: Update Chart.js to version 2.9.4
    • ๐Ÿ”‹ feature: Update phpseclib to version 2.0.29
    • ๐Ÿ”‹ feature: Update PHPMailer to version 6.1.8
    • ๐Ÿ”‹ feature: Use LSB shebang notation for cli scripts
    • ๐Ÿ”‹ feature: Add support for cactid daemon based launcher
    • ๐Ÿ”‹ feature #3923: Add ability to hide the Graph Drilldown icons by datatecuk
    • ๐Ÿ”‹ feature #3943: Add hooks for plugins to show custom Graph Source and custom Template URL (List View)

    Reporting Issues

    http://www.cacti.net/issues.php

    Download Cacti

    http://www.cacti.net/download_cacti.php

    Download Spine

    http://www.cacti.net/spine_download.php

    Thanks!
    The Cacti Group

  • v1.2.15 Changes

    November 02, 2020

    ๐Ÿš€ Release of Cacti 1.2.15

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐ŸŒฒ Cacti Change Log

    • issue #3643: When editing Maximum OIDs Per Get Request, blank value can cause errors
    • issue #3656: Boost may run more often than it should
    • issue #3693: Recache Event Loop can cause Interface Graphs to show gaps
    • issue #3703: When searching Graph Tree's, non matching devices remain visible
    • issue #3711: Page validation errors may occur when opening real time graphs
    • issue #3722: External Links do not always open if they are still open from previous usage
    • issue #3730: Cultural changes to various word usage
    • ๐Ÿ”€ issue #3741: Replicate deleted device status instead of poller sync
    • issue #3743: Description field allows more characters entered than is stored
    • โฌ†๏ธ issue #3747: When installing or upgrading, LDAP functions may not always be included properly
    • ๐Ÿšš issue #3748: Unable to remove discovered device
    • โฌ†๏ธ issue #3753: When installing or upgrading, PHP recommendations may not always return a valid value
    • issue #3755: Graph Templates has duplicate SQL delete statement
    • ๐Ÿ”€ issue #3759: When syncing to remote poller, missing function errors may occur
    • issue #3760: When removing devices from remote pollers, devices may reappear without details
    • issue #3761: When removing devices, array errors may sometimes be recorded
    • issue #3763: Variable injection does not always work as expected
    • issue #3764: Editing Data Queries with multiple data templates can give errors about Suggested values
    • issue #3767: Progress bar does not provide enough visual information during long page loads
    • ๐Ÿ‘€ issue #3768: Some themes do not allow for a way to see which user is currently signed in
    • issue #3769: When viewing tables, allow users to force all columns to be visible
    • issue #3770: Column sizing is being lost between pages refreshes
    • issue #3771: When viewing input methods table, no ID is shown to help identify which method is being viewed
    • issue #3775: Filters do not always respect using keyboard to initiate searching
    • issue #3778: When exporting a data query, an invalid column name error can sometimes be shown
    • issue #3781: When checking if a view is allowed, having no session can result in errors
    • ๐Ÿ‘€ issue #3782: When removing devices via the CLI, undefined variable errors may be seen
    • issue #3786: Real Time Graphs may cause invalid index errors
    • issue #3790: On newer versions of MySQL/MariaDB, 'system' keyword can cause issues
    • ๐Ÿ”Œ issue #3793: Plugin setup can generate errors when reading options via system function
    • ๐Ÿ”Œ issue #3809: Plugin version numbers can be unexpectedly truncated
    • issue #3815: When PHP Session is set to autostart, an error can be reported as Cacti attempts to start it
    • issue #3820: When removing multiple items, selection process does not always work
    • ๐Ÿšš issue #3821: When exporting colors, the indicator is not always removed upon completion
    • issue #3825: Unable to pass tree and leaf ID to 'graph_button' hook
    • ๐Ÿšง issue #3827: When performing maintenance, various errors may sometimes be seen
    • issue #3828: When Guest User setting is active, current user is not always properly set
    • ๐Ÿ‘€ issue #3831: When installing Cacti, minor errors in text can be seen
    • issue #3835: Numbers are not always formatted properly when there are no decimal places
    • issue #3836: When viewing Real Time Graphs, an undefined index error may be recorded
    • issue #3844: Minor memory leaks and refresh issues when zooming on graphs
    • issue #3847: Real Time Graphs may sometimes fail due to folder permissions
    • issue #3849: Navigation can sometimes occur unexpectedly due to background timers
    • issue #3850: Trees management screen not reporting correct number of trees
    • issue #3858: Tree sequences can sometimes skip numbers during resorting
    • issue #3862: Guest user selection should not allow setting the currently logged in user
    • issue #3864: Links in Table Headers do not show clearly when in modern theme
    • issue #3868: Under some cases tree logic leads to undefined index errors
    • ๐Ÿšš issue #3869: Cacti Data Debug can show errors if the Data Source is damaged or has been removed
    • issue #3871: When importing a data query, an invalid column name error can sometimes be shown
    • issue #3874: When using shift functions on graphs, negative values are not allowed
    • issue #3881: Correct issue when file is unreadable reporting no file was specified
    • ๐Ÿšš issue #3883: Orphaned Plugins have no option to be removed
    • โšก๏ธ issue #3884: Update MySQL recommendations for Character Set and Colation
    • issue #3888: Correct sorting of IP addresses to be numeric not alpha by JamesTilt
    • issue #3890: Saving a device should not always repopulate the poller cache
    • ๐Ÿ”‹ feature: Update FontAwesome to Version 5.14

    Reporting Issues

    http://www.cacti.net/issues.php

    Download Cacti

    http://www.cacti.net/download_cacti.php

    Download Spine

    http://www.cacti.net/spine_download.php

    Thanks!
    The Cacti Group

  • v1.2.14 Changes

    August 02, 2020

    ๐Ÿš€ Release of Cacti 1.2.14

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    ๐Ÿ‘€ If you are using 1.3.x via the develop branch then you may see notices in your
    ๐ŸŒฒ log files about PHP versions if you are running an outdated version of PHP.

    ๐Ÿ‘ In a week or two, we will be moving the minimum supported version of PHP forward
    to be able to take advantage of newer PHP functionality including typing,
    mutable datetime variables, etc.

    This will [b]NOT[/b] affect the current 1.2.x branch which will continue to
    receive patches whilst this development work is in progress.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐ŸŒฒ Cacti Change Log

    • issue #3676: Device not showing up in device page but showing up in Monitor tab
    • issue #3678: More or Equal incorrect highlighting max_heap_table_size and tmp_table_size
    • issue #3694: Spikekill percent is converted from percent to decimal twice, making it 1/100 of the true size
    • issue #3713: When sorting data debug checks by user, no results are shown and errors recorded
    • issue #3719: When tooltip is too long, the scroll bar exists, and cannot be scrolled, which makes the tooltip be hided
    • issue #3723: Improper escaping of error message leads to XSS during template import preview
    • issue #3728: Invalid uptime is not handled properly
    • issue #3737: Poller functions may not run if 'processes' table is missing
    • ๐Ÿ”‹ feature #3615: Poller keeps using old IP address for a device

    Reporting Issues

    http://www.cacti.net/issues.php

    Download Cacti

    http://www.cacti.net/download_cacti.php

    Download Spine

    http://www.cacti.net/spine_download.php

    Thanks!
    The Cacti Group

  • v1.2.13 Changes

    August 02, 2020

    ๐Ÿš€ Release of Cacti 1.2.13

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    ๐Ÿš€ With this release, there are a number of CVE's that have been addressed. We would like to take this moment to thank those who have contributed to Cacti with special mention to:

    Mayfly277
    ddb4github
    yingbaiibm
    DavidLiedke
    kim-fitness
    bmfmancini
    riversdev0

    The Cacti Group are made up of volunteers where all help and contributions are appreciated. Thanks to GitHub's recent Sponsors program, you can now also contribute financially to the project by using the "Sponsors" button on the GitHub Cacti repository or when visiting https://github.com/sponsors/Cacti

    ๐Ÿš€ We hope that you enjoy this release and that in the current unsettling climate, you are all safe and well.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐ŸŒฒ Cacti Change Log

    • โšก๏ธ security #3544: jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
    • ๐Ÿ”’ security #3549: Lack of escaping on some pages can lead to XSS exposure
    • โšก๏ธ security #3582: Update PHPMailer to 6.1.6 (CVE-2020-13625)
    • ๐Ÿ”’ security #3622: SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295)
    • ๐Ÿ”’ security #3628: Lack of escaping on template import can lead to XSS exposure
    • issue #3517: When generating reports, function looping can occur resulting in 100% cpu usage
    • issue #3525: When viewing Graphs, zoom functionality prevents drag and drop of image
    • issue #3527: When using 95th Percentiles, undefined index errors can be generated
    • issue #3532: When using Realtime, if no graph contents are present an error is generated
    • issue #3533: When exporting data, Start date for RRDfile does not match start date of first data row
    • issue #3536: When using Navigation Menu, Show/Hide in Response mode does not always work
    • ๐Ÿ’ป issue #3538: When using Realtime, race conditions between browser and function loading can occur
    • issue #3543: When exporting CSV data, Unicode prefix is not properly set
    • ๐ŸŒ issue #3551: Authentication can fail when using Web Basic Authentication and Template User
    • issue #3553: When attempting to view an aggregate graph that does not exist, many errors are generated
    • issue #3563: Current orphan handling disrupts graphing transient indexes
    • issue #3566: Automation incorrectly attempts to use MacTrack to duplicate options
    • ๐Ÿš€ issue #3567: When Boost runs, locks are not always released properly and crash is detected
    • ๐ŸŒฒ issue #3569: Invalid font results in large number of log entries
    • issue #3571: Correct various runtime errors due to incorrect message variables
    • issue #3574: Saving Graph Template Items take a long time on large systems
    • issue #3577: Hosts are being incorrectly filtered when first displaying with filter set to all
    • issue #3579: Graphs can incorrectly show as 'Empty Graph'
    • issue #3581: Realtime graph window is not resizing properly
    • โš  issue #3588: Validation warnings are generated when viewing/editing devices
    • โฑ issue #3594: Automation hangs for certain schedule types
    • ๐Ÿ”€ issue #3595: Template to Device sync text is not consistent
    • issue #3596: When importing template, resources aren't checked properly
    • ๐Ÿ”€ issue #3597: Template to Device sync provides no feedback
    • issue #3598: When editing graphs and graph templates, back button results in broken page
    • โฌ‡๏ธ issue #3599: When downgrading, templates are fully selected for install
    • issue #3601: When a device is down, instate can show wrong time
    • โฑ issue #3607: When session timeout occurs, subsequent authorized access to areas can become blocked
    • issue #3611: Allow CHANGELOG to be viewable from the GUI
    • issue #3613: When modifying trees, devices and graphs lists ignore Autocomplete Rows setting
    • issue #3614: When section tabs wrap, the title of the first section can become obscured
    • issue #3624: When previewing graphs, sometimes the images fail to appear
    • ๐ŸŒฒ issue #3629: Log files are not rotated properly on remote pollers
    • ๐Ÿ’ป issue #3631: Command line scripts do not allow an unlimited runtime causing timeouts
    • issue #3632: When mysql connection fails, various unexpected errors are recorded
    • issue #3635: Automate generates undefined index errors when communicating with remote pollers
    • โšก๏ธ issue #3639: When updating a device, duplicate entry errors occur when inserting to the database
    • issue #3646: Adding datasource fails from CLI due to missing function
    • issue #3651: Editing any item on an Aggregate Graph that has been converted to a normal graph breaks entire graph
    • issue #3655: Rare race condition between Boost and Poller can result in unexpected missing table errors
    • ๐Ÿ‘€ issue #3659: When viewing logs, unexpected 'needle' errors can be seen on rare occasions
    • issue #3663: Disabling a Data Collector can cause unexpected errors
    • issue #3668: When Input Field is in error, message reports field will be highlighted which is incorrect
    • issue #3669: When adding an Input Field, the Input Method can be renamed unexpected
    • issue #3673: Spikekill does not receive correct avgnan value when launching from GUI
    • issue #3676: Device not showing up in device page but showing up in Monitor tab
    • ๐Ÿšš issue #3681: Item movement arrows do not properly align on all themes
    • issue #3682: When in 'Time Graph View' mode, Zoom features do not work correctly
    • ๐Ÿ”‹ feature #3611: Allow CHANGELOG to be viewable from the GUI
    • ๐Ÿ”‹ feature #3647: When adding datasource fails from CLI, created Datasource ID should be printed
    • ๐Ÿ”‹ feature #3666: Update jstree.js to 3.3.10
    • ๐Ÿ”‹ feature #3688: Update phpseclib to 2.0.28

    Reporting Issues

    http://www.cacti.net/issues.php

    Download Cacti

    http://www.cacti.net/download_cacti.php

    Download Spine

    http://www.cacti.net/spine_download.php

    Thanks!
    The Cacti Group

  • v1.2.12

    May 03, 2020

  • v1.2.11 Changes

    April 07, 2020

    ๐Ÿš€ Release of Cacti 1.2.11

    ๐Ÿš€ Thank you everyone who are using Cacti and especially those helping to make Cacti better! This release includes a few new features as an attempt to make forward progress on our roadmap, without introducing new bugs. So, the features introduced were those that had a lower risk of introducing undesirable behavior.

    ๐Ÿš€ The team now hopes to focus more on our next major release while at the same time recognizing that additional issues exist that remain to be solved, and that new issues are likely to continue to be identified by the Cacti community. We will address those in the 1.2.x branch as before, but releases from the 1.2.x branch should decrease.

    For additional details check out the README located on GitHub.

    IMPORTANT: This release addresses a few minor security issues that should be noted. See the changelog below for details.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐Ÿ”„ Change Log

    ๐Ÿ”’ -security#1566: Add SameSite support for cookies
    ๐Ÿ”’ -security#1985: Cookie should be properly verified against password
    ๐Ÿ”’ -security#3342: CSRF at Admin Email
    ๐Ÿ”’ -security#3343: Improper Access Control on disabling a user.
    โšก๏ธ -security#3414: Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
    -issue#2265: When attempting to save Graph field, query_ifSpeed is not properly validated
    -issue#2400: Allow ability to duplicate site settings
    ๐Ÿ”Œ -issue#2428: Make plugins non-case sensitive for folder names, whilst allowing nicer display names
    -issue#2580: When running DSSTATS, system isn't properly detecting that another is already running
    -issue#2853: Discovered Devices filtering do not include snmp description or name
    -issue#3231: Allow user to unlock a tree that has been locked for editing by another
    -issue#3237: Report gets resent every poller cycle
    โšก๏ธ -issue#3247: Language source files do not update "PO-Revision-Date" attribute
    -issue#3261: Automation rules aren't run for new devices on remote data collectors
    โฌ†๏ธ -issue#3296: Bad PHP memory limit values can result in failed upgrades
    โš  -issue#3299: When using php-snmp and setting SNMPv3, warning is now shown as library does not support it properly
    ๐Ÿ -issue#3303: When installing under Windows OS, path expansion is not converted to PHP required format
    ๐Ÿ‘€ -issue#3310: When using 32-bit OS, automation errors can be seen due to subnet mask calculations
    -issue#3312: Console menu does not auto-expand for graph item editor page
    ๐Ÿ‘€ -issue#3313: When installing, multiple issues can be seen due to bad packages
    -issue#3314: Script Server has invalid debug code left in
    โš  -issue#3317: Warnings can appear from CSRF Magic library due to multiple token values being found
    โฌ†๏ธ -issue#3319: Errors can occur upgrading from 0.8.x due to incorrectly detected data source profile id
    -issue#3322: When searching for LDAP accounts, allow recursive searching
    ๐Ÿ“ฆ -issue#3330: Packages that are not properly formatted can cause installation issues
    โฌ†๏ธ -issue#3334: When upgrading from 0.8.x Automation SNMP Options should be populated
    -issue#3335: Unable to hide Device based Aggregate Graphs on Tree
    ๐Ÿ”’ -issue#3336: Plugins need the ability to relax some content security policies in order to work properly
    โš  -issue#3340: Undefined variable warning can appear when using 95th percentile graphs
    -issue#3341: MoTranslator does not appear to be handing null values properly
    -issue#3345: When attempting to refresh datetime picker, unexpected results can appear
    -issue#3346: When attempting to rewrite octet strings, extra space breaks pattern matching
    ๐Ÿ”€ -issue#3348: When attempting to handle Orphans and/or Sync Graphs, results are not as expected
    -issue#3349: Prevent setting the PHP variable max_input_vars since it is read only
    ๐Ÿ‘€ -issue#3350: When editing a data source template, inconsistent results can be seen due to database query
    -issue#3355: When viewing raw graph data via the GUI, values are not always calculated correctly
    -issue#3357: Tree Search textbox resizes to 0 in some cases
    -issue#3360: When using guest accounts, after several timeouts result in refreshes, guest becomes logged out
    ๐Ÿ“ฑ -issue#3363: The current user and user group permissions pages are not responsive
    ๐Ÿšš -issue#3367: When Data Queries timeout, data is removed from the Host SNMP Cache table causing issues
    -issue#3368: Saving a Graph Template Item fails due to missing includes
    ๐ŸŒฒ -issue#3373: When logging in via LDAP, ActiveDirectory would sometimes report insufficient access
    0๏ธโƒฃ -issue#3375: When polling more often than default period of collecting data, distribution of collected data was not
    occurring
    -issue#3376: Improve speed when recovering from a poller from offline state
    -issue#3378: When attempting to check whether to include MoTranslator, typo makes it appear unavailable
    -issue#3380: php error when trigger threshold sendmail
    -issue#3386: Second data collector shows as running when its has no items to gather
    -issue#3387: Minor corrections to CSRF Magic
    -issue#3388: Naming of CLI programs does not always match name used within syntax usage advice
    -issue#3390: Incorrect breadcrumb bar if current tab is not "Graphs"
    ๐ŸŽ -issue#3402: Cacti scores low on performance audit on lighthouse audit
    -issue#3408: CSRF Secret path is not passed properly when attempting to initialize secret
    -issue#3409: Issues with navigation link activations to other base Cacti pages
    -issue#3410: Zoom looses focus in advanced mode while crossing chart border
    โฌ†๏ธ -issue#3411: When upgrading a primary server, full synchronization is not happening as expected
    โฌ†๏ธ -issue#3412: When upgrading a primary server, automation templates are removed
    โฌ†๏ธ -issue#3413: When upgrading and choosing to upgrade your packages, installer finishes without package data in log
    -feature#1551: Allow system uptime to be a variable for use with graphs
    ๐Ÿ”Œ -feature#1990: Plugin Realm should have a 'role' to help maintain changes between plugins
    -feature#2110: Add Refresh Interval to Data Collectors display
    -feature#2156: Add Location based filtering
    -feature#2236: Allow for Purging of Data Source Statistics from the GUI
    โช -feature#2268: Restore ability to duplicate a data profile
    โœจ -feature#2534: Enhance table navigation bars to support systems with larger number of items
    ๐Ÿ‘ -feature#2688: Increase length of Graph Item 'value' field to support pango-markup better
    -feature#3304: Allow Basic Auth Accounts to be mapped by CSV file
    ๐Ÿ’… -feature#3366: Make form elements under checkbox_groups flow using flex grid style
    -feature#3374: Set the domain attribute to secure cookies for the 'remember me' option
    โš  -feature#3403: Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings

  • v1.2.10 Changes

    March 28, 2020

    ๐Ÿš€ Release of Cacti 1.2.10

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    IMPORTANT: This release addresses one new CVE that was reported. For more information see the changelog.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐Ÿ”„ Change Log

    ๐Ÿ”’ -security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813)
    ๐Ÿ”ง -issue#3240: When using User Domains, global template user is used instead of the configured domain template user
    -issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
    โฌ†๏ธ -issue#3246: When upgrading with remote collectors, sync status does not always return properly
    -issue#3250: When PHP memory limit is set to -1, recommendation value fails
    โฌ†๏ธ -issue#3253: Upgrade can stall when checking permissions on csrf-secret.php
    -issue#3254: Installer shows script owner rather than running user for suggested chown command
    -issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions
    -issue#3269: When searching Graphs under a Chinese language, an unexpected error as sometimes shown
    -issue#3274: When editing a tree, multiple device drag/drop does not work
    ๐Ÿ”Š -issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs
    -issue#3277: When boost does not find an initial time, numeric errors can be raised
    -issue#3281: When changing Graph Template options, incorrect image format may be selected
    -issue#3282: Graph's can be sized incorrectly if image is SVG format
    -issue#3283: When setting a file path, valid characters not recognised properly
    ๐Ÿ‘€ -issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen
    -issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear
    -issue#3289: When using CMD.PHP, poller id is not always shown properly
    ๐ŸŒฒ -issue#3290: When using CMD.PHP, inconsistent device logging levels may occur
    -issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent by ddb4github
    -issue#3302: Editing a Graph Template does not show the Data Template name

  • v1.2.9 Changes

    March 28, 2020

    ๐Ÿš€ Release of Cacti 1.2.9

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    IMPORTANT: This release addresses two CVE's that were reported. For more information see the changelog.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐Ÿ”„ Change Log

    ๐Ÿ”’ -security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)
    ๐ŸŽ -security#3201: Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237)
    -issue#2937: Devices still show in lists despite being deleted
    -issue#3038: When editing an aggregate on smaller screens, layout may not be correct
    โฌ†๏ธ -issue#3136: Upgrade may fail between 1.2.7 and 1.2.8 if incompatible database format used
    -issue#3142: Chrome sets graphs tree navigation view to width 0px
    -issue#3146: Unable to create aggregate graphs on new installations
    -issue#3149: After refresh of page, tooltips stop working
    -issue#3150: When using Time Graph View, Zooming can cause errors
    ๐Ÿ—„ -issue#3151: Passing glue string after array is deprecated in PHP 7.4
    -issue#3155: Aggregate does not correctly follow color template when reordered
    -issue#3156: On new installs, gprint_format was missing from table aggregate_graphs
    -issue#3157: Back button not working properly with Classic theme
    -issue#3158: Classic theme show only 3 tabs on mobile device. Don't show Console menu
    -issue#3159: PHP Memory is not correctly identified when value is not in megabytes
    -issue#3161: When the poller_output_boost table is missing, recreate it before a poller run
    ๐Ÿ‘• -issue#3163: When using RPMlint, Free Software Foundation address is shown to be incorrect
    -issue#3165: Zoom looses its focus after all graphs on page rendered
    -issue#3166: When changing zoom level, graphs are resized inappropriately at the end
    -issue#3167: Installer should initialize the csrf-secret.php file automatically
    -issue#3168: sqltable_to_php.php script does not pick up row_format
    ๐Ÿ”’ -issue#3177: Remove legacy plugin hook that presents potential 3rd party security issues
    -issue#3178: The change password page is not displaying the rules
    -issue#3180: Receiving undefined index errors when working with some Data Queries
    ๐Ÿ”ง -issue#3181: When configuration file is unreadable, Cacti shows database connection errors if non defaults are needed
    -issue#3182: When a database connection error occurs, there is no way to report actual error
    -issue#3184: Improve program path detection by using system path and PHP_BINDIR
    ๐Ÿ”Œ -issue#3193: Starting with MySQL 5.7 some sql_mode variables are required for some plugins
    ๐Ÿ”’ -issue#3196: Minimize use of eval() in JavaScript due to emerging Content-Security-Context guidelines
    -issue#3200: Unable to mass change Graph Template image format in mass
    -issue#3206: Converted aggregate graph cannot be edited
    ๐Ÿ”€ -issue#3209: Error occurs when Creating New Graphs through Automatically Added Devices using Sync Device Template
    -issue#3216: When editing a Data Source Profile size is shown as 'N/A'
    ๐Ÿ’ป -issue#3224: When removing graphs by command line, regex is not properly validated when empty
    -issue#3225: Unable to Import Templates due to invalid dependency hash
    -issue#3226: When processing secpass login, failed logins are not recorded
    -issue#3228: Login page does not remember the last realm used by user
    -issue#3232: When editing HRULE and VRULE items, color selector was not presented
    -issue#3233: When working with non-templated graphs, it can be difficult to determine what items represent
    -issue#3235: Transient errors may occur with table poller_output_boost_arch

  • v1.2.8 Changes

    December 09, 2019

    ๐Ÿš€ Release of Cacti 1.2.8

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    IMPORTANT: This release addresses two CVE's that were reported. For more information see the changelog.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐Ÿ”„ Change Log

    • ๐Ÿ”’ security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
    • ๐Ÿ”’ security#3026: CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
    • ๐Ÿ”’ security#3066: When using HTTPS, secure cookie to prevent potential weakness
    • issue#1228: Any tree or branch with a long name force main content off screen
    • issue#2133: Long snmp_indexes are being cut off
    • issue#2888: Long hostnames cause template filter to go off page
    • โšก๏ธ issue#2987: Changing Color Template does not update Aggregate
    • issue#2989: Allow Remote Data Collectors to maintain their own path variables
    • issue#2991: Cacti Statistics device template can generate unexpected errors
    • issue#2995: When editing a report, column setting may be ignored incorrectly
    • issue#2996: When editing a user, graph options do not properly reflect previously saved settings
    • ๐ŸŽ issue#2998: Session performance issues due to excessive use for database storage
    • issue#2999: Blank arguments can lead to extra spaces in script arguments
    • โš  issue#3006: Boost generates undefined variables warning during poller run
    • ๐ŸŒฒ issue#3011: i18n logging does not check write permission exists
    • issue#3012: When viewing realtime graphs, some input variables are not properly checked
    • issue#3013: Allow legends to be modified for Aggregate Graphs
    • issue#3017: Automation network range with spaces fails validation
    • issue#3019: User selected language is not always adhered to
    • issue#3021: Tree view cuts off at the bottom of page on modern theme
    • issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly
    • issue#3027: Aggregate Graph re-ordering does not work
    • issue#3028: When zooming a graph, unable to reach edge of graph without losing focus
    • issue#3030: Pace continues to run even after a page is finished rendering
    • issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present.
    • ๐Ÿšš issue#3035: When editing a tree, can not remove entries due to CSS bug
    • issue#3037: When emptying poller output using cli, debug functions are not properly included
    • ๐Ÿ“ฆ issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file
    • issue#3040: When running automation, discovery can still run even if cancelled
    • issue#3041: When running automation, scans do not always respond to being cancelled
    • issue#3042: When running automation, scan can fail when selecting remote pollers
    • issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur
    • issue#3047: When saving settings, ignore remote pollers who have not checked in recently
    • issue#3050: When viewing graph trees, some input variables are not properly checked
    • ๐ŸŽ issue#3052: When editing CDEF's, slow database performance can occur
    • issue#3053: When viewing graph thumbnails, some input variables are not properly checked
    • โฌ†๏ธ issue#3055: During install/upgrade, database tests are not performed correctly
    • issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation
    • โฌ†๏ธ issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic
    • issue#3061: When running automation, allow SNMP to be used as a ping method
    • issue#3068: When administrating users, some input variables are not properly checked
    • ๐ŸŒฒ issue#3070: Improve database logging when a crashed table is encountered
    • issue#3073: Automation network range does not always produce the correct start/end values
    • โš  issue#3078: When viewing graph debug from remote data collector, File Not Found warnings can appear incorrectly
    • issue#3079: Allow domain names to be stripped from a device's long description
    • โš  issue#3080: Remote Agent throws warnings that graph_nolegend has not been sanitized
    • issue#3085: When editing a poller, ensure each listening IP is unique
    • issue#3081: External Links are not showing a glyph when they appear on the Console menu
    • issue#3089: When viewing graphs in realtime, undefined variable can be logged for 95th Percentile graphs
    • ๐Ÿง issue#3099: Graph template 'Linux - Memory Usage' has the wrong unit on its vertical_label
    • issue#3101: Polling times can be slightly inconsistent due
    • ๐Ÿ‘€ issue#3104: When viewing graphs, a byref error can be seen in the error logs
    • issue#3105: When viewing hosts, some input variables are not properly checked
    • ๐Ÿ’ป issue#3111: When adding devices via command line, bad SNMP versions are not reported
    • issue#3112: When zooming on Graphs, too many requests are being made causing slowness
    • ๐Ÿ‘ issue#3114: Support for USB devices that change name due to their hosts restarting
    • issue#3118: When converting tables, the dynamic row format should be selected
    • โฌ†๏ธ issue#3119: Main Data Collector should perform a Full Sync whenever it is installed/upgraded
    • issue#3120: Correct issues causing incompatibility with PHP 7.4
    • issue#3121: When converting tables during install, show what will be changed
    • โฌ†๏ธ issue#3123: Named colors table is not properly imported/upgraded
    • issue#3124: When a second data collector is added, boost is not enabled automatically
    • issue#3128: i18n handler checks for existence of wrong mo file
    • issue#3129: Logout repeated occurs even when already logged out
    • issue#3132: Installer fails to continue if automation range is array of networks
    • ๐Ÿ”‹ feature#3077: Allow disabling remote poller resource cache replication to support upgrade testing

    *** Reporting Issues ***

    http://www.cacti.net/issues.php

    *** Download Cacti ***

    http://www.cacti.net/download_cacti.php

    *** Download Spine ***

    http://www.cacti.net/spine_download.php

    Thanks!
    The Cacti Group

  • v1.2.7 Changes

    September 29, 2019

    ๐Ÿš€ Release of Cacti 1.2.7

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    IMPORTANT: Security issue #2964 (CVE-2019-16723) was found and fixed that allowed unrestricted access to graphs via the https://cacti/graphs_json.php url. Whilst this page did check that a valid user was logged in, any user would be able to access any graph regardless of any defined permissions.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐Ÿ”„ Change Log

    • ๐Ÿ”’ security#2964: CVE-2019-16723 Security issue allows to view all graphs
    • โฑ issue#1181: When opening the Scheduler, it may appear off screen when opened near the bottom of a window
    • issue#2894: When using Remote Data Collectors, database information and recommendations may show Incorrect values
    • issue#2895: When using data sources from different RRDs, Percentile calculation may be incorrect
    • issue#2899: When displaying a form, variable substitution may not always work as expected
    • issue#2922: When running a data query, the result may come back as undefined
    • issue#2925: When using consolidation functions, retrieving the first step can cause errors
    • issue#2926: When editing a graph, variable validation errors may prevent changes from being saved
    • ๐ŸŽ issue#2929: Boost performance may become poor even in single server mode
    • issue#2930: RRDtool can generate errors to standard output which can corrupt images
    • issue#2932: When RRDTool generates an error creating an image, it is not always reportedly properly
    • issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
    • โฌ†๏ธ issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect location for DB upgrade scripts
    • issue#2940: Images are not always properly sized until the page size changes
    • issue#2949: Order icons may not be properly aligned
    • issue#2951: Allow legends to be modified for Aggregate Graphs
    • issue#2958: Drop down autocomplete lists do not always open as expected
    • ๐Ÿ”€ issue#2961: When syncing device templates, undefined function may be raised
    • issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime
    • ๐Ÿ issue#2966: Realtime popup windows do not always honor settings
    • issue#2967: When using Spikekill, gap and range fill are not operating as expected
    • issue#2970: When a user edits their profile, buttons may appear as unusable whilst still being enabled
    • issue#2973: User menu does not always display properly on mobile devices
    • issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' set but not found in data source
    • issue#2975: Datasource Debug does not properly handle European numbers in certain circumstances
    • ๐ŸŒฒ issue#2976: Boost messages should be stored in their own log file
    • โšก๏ธ issue#2977: Data updates with past timestamps can cause boost errors
    • issue#2978: Moving hosts between data collectors is slow
    • ๐Ÿ“œ issue#2979: Multi Output Fields are not parsed correctly
    • issue#2984: When checking SQL fields, value was not always primed
    • issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
    • ๐Ÿ”‹ feature#2943: Allow all Data Queries of a device to be re-indexed at once
    • ๐Ÿ”‹ feature#2952: If device is down or threshold breached, highlight in tree view
    • ๐Ÿ”‹ feature#2985: Update phpseclib to 2.0.23